Etiqueta: cybersecurity

TFI 002

The previous TFI Challenge was a bonus one. It means it’s not one of the basics that are linked by an explicit URL.

This second challenge can be found on a page where one of the main characters in this amazing story hacks a gun. Basic challenges are related to hacking actions or strategies developed by the group of hackers we’re following in the comic.

When you follow that URL, you’ll find a code to redeem, instructions to connect remotely to a console using netcat, and the source code of the script that manages that console.

The console gives you three options:

  • Activate the special mode of the gun
  • Get admin privileges
  • Exit

By reading the code, you can tell it was written by a rookie developer, because it includes the encrypted password and decodes it to compare it with the user input.

You should never do that. Storing passwords in code is wrong, and being able to decrypt a password is also a mistake — you should use non-reversible algorithms.

To solve this challenge, you just need to write a script or start an interactive Python session to decode the encrypted password the same way the original script does.

With that password, you can connect to the remote console and follow the instructions to catch the flag. Easy peasy.

See you in the next challenge.

TFI 001

First of all, go and read TFI 000 to understand what you are reading.

You can find the first challenge on the front page, so you can see it by looking for images on the Internet.

At the bottom right corner, you can see something that looks like a URL without letters.

If you have seen «characters» like those before, you know what it is. If not, you can try to describe them to ChatGPT or another LLM. If you do it well enough, you will get the answer.

It is an encoding typically used by some ancient groups (rabbis, Knights Templar…) that you can decode by drawing two tic-tac-toe boards and two big Xs.

If you translate the URL, you will go to a page that shows your reward code and a new challenge.

The new one is made of three images with lines of different colors: one red, one green, and one blue. If you know something about computers, you know that images are created with a combination of three colors: red, green, and blue.

You can solve this challenge using any image editing software that supports layers. You just have to stack the three images and adjust the transparency to see the combination of the three, which is a password that will give you a new redeem code.

This first challenge is really easy, but you need some previous knowledge about computers and cipher systems.

See you next week with a new challenge.

TFI 000

Today is Tuesday, so it’s a Tecno-day. However, I’m presenting you a comic that is not just a comic.

«The Future is ******» is what happens when a security company makes a comic just for lols.

It’s a comic created by Rekcahhacker» in a mirror), a project from Black Hills Information Security Company, after a Kickstarter campaign that funded the first issue of TFI: a 100-page book with a great story and lots of «games». Now there are at least 4 issues, and more are coming.

On its pages, you can find URLs and other tips that lead you to some «Capture the Flag» games. CTFs are tests that you can solve using coding, debugging, and other hacker skills.

You can also see a scoreboard hosted by MetaCTF, showing the scores of everyone playing those games, and access to a Discord server where you can ask for help.

In the next Tecno-days, I’ll explain some of the techniques used to solve those tests. But you’ll have to learn the basics and solve them on your own, because I’m not giving you the solutions.

Stay in touch.